Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in Internet Explorer can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Windows UPnP Device Host can be exploited remotely to gain privileges.
3. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
4. A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
5. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
6. An information disclosure vulnerability in Windows Event Tracing can be exploited remotely to obtain sensitive information.
7. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
8. An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.
9. An information disclosure vulnerability in Windows ActiveX Installer Service can be exploited remotely to obtain sensitive information.
10. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
11. A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely to execute arbitrary code.
12. An elevation of privilege vulnerability in Remote Access API can be exploited remotely to gain privileges.
13. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
14. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely to gain privileges.
15. An elevation of privilege vulnerability in Microsoft Windows Folder Redirection can be exploited remotely to gain privileges.

Первичный источник обнаружения

• CVE-2021-26411
  CVE-2021-26899
  CVE-2021-26875
  CVE-2021-27063
  CVE-2021-26895
  CVE-2021-24107
  CVE-2021-26878
  CVE-2021-27077
  CVE-2021-26894
  CVE-2021-26898
  CVE-2021-26893
  CVE-2021-26896
  CVE-2021-26869
  CVE-2021-26877
  CVE-2021-1640
  CVE-2021-26897
  CVE-2021-26872
  CVE-2021-26861
  CVE-2021-26901
  CVE-2021-26881
  CVE-2021-26882
  CVE-2021-26862
  CVE-2021-26873
  CVE-2021-26887
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008

Список CVE

• CVE-2021-26411
  critical
• CVE-2021-26899
  critical
• CVE-2021-26875
  critical
• CVE-2021-27063
  critical
• CVE-2021-26895
  critical
• CVE-2021-24107
  high
• CVE-2021-26887
  critical
• CVE-2021-26878
  critical
• CVE-2021-27077
  critical
• CVE-2021-26894
  critical
• CVE-2021-26898
  critical
• CVE-2021-26893
  critical
• CVE-2021-26896
  critical
• CVE-2021-26869
  high
• CVE-2021-26877
  critical
• CVE-2021-1640
  critical
• CVE-2021-26897
  critical
• CVE-2021-26872
  critical
• CVE-2021-26861
  critical
• CVE-2021-26901
  critical
• CVE-2021-26881
  critical
• CVE-2021-26882
  critical
• CVE-2021-26862
  critical
• CVE-2021-26873
  critical

Список KB

• 5000800
• 5000841
• 5000851
• 5000856
• 5000844

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com